1. CVE-Search
  2. CVE-2004-1059
ID CVE-2004-1059
Summary Multiple cross-site scripting (XSS) vulnerabilities in mnoGoSearch 3.2.26 and earlier allow remote attackers to inject arbitrary HTML and web script via the (1) next and (2) prev result search pages, and the (3) extended and (4) simple search forms.
References
Vulnerable Configurations
  • cpe:2.3:a:mnogosearch:mnogosearch:3.1.19:*:*:*:*:*:*:*
    cpe:2.3:a:mnogosearch:mnogosearch:3.1.19:*:*:*:*:*:*:*
  • cpe:2.3:a:mnogosearch:mnogosearch:3.1.20:*:*:*:*:*:*:*
    cpe:2.3:a:mnogosearch:mnogosearch:3.1.20:*:*:*:*:*:*:*
  • cpe:2.3:a:mnogosearch:mnogosearch:3.2.10:*:*:*:*:*:*:*
    cpe:2.3:a:mnogosearch:mnogosearch:3.2.10:*:*:*:*:*:*:*
  • cpe:2.3:a:mnogosearch:mnogosearch:3.2.13:*:*:*:*:*:*:*
    cpe:2.3:a:mnogosearch:mnogosearch:3.2.13:*:*:*:*:*:*:*
  • cpe:2.3:a:mnogosearch:mnogosearch:3.2.14:*:*:*:*:*:*:*
    cpe:2.3:a:mnogosearch:mnogosearch:3.2.14:*:*:*:*:*:*:*
  • cpe:2.3:a:mnogosearch:mnogosearch:3.2.15:*:*:*:*:*:*:*
    cpe:2.3:a:mnogosearch:mnogosearch:3.2.15:*:*:*:*:*:*:*
  • cpe:2.3:a:mnogosearch:mnogosearch:3.2.16:*:*:*:*:*:*:*
    cpe:2.3:a:mnogosearch:mnogosearch:3.2.16:*:*:*:*:*:*:*
  • cpe:2.3:a:mnogosearch:mnogosearch:3.2.17:*:*:*:*:*:*:*
    cpe:2.3:a:mnogosearch:mnogosearch:3.2.17:*:*:*:*:*:*:*
  • cpe:2.3:a:mnogosearch:mnogosearch:3.2.18:*:*:*:*:*:*:*
    cpe:2.3:a:mnogosearch:mnogosearch:3.2.18:*:*:*:*:*:*:*
  • cpe:2.3:a:mnogosearch:mnogosearch:3.2.19:*:*:*:*:*:*:*
    cpe:2.3:a:mnogosearch:mnogosearch:3.2.19:*:*:*:*:*:*:*
  • cpe:2.3:a:mnogosearch:mnogosearch:3.2.20:*:*:*:*:*:*:*
    cpe:2.3:a:mnogosearch:mnogosearch:3.2.20:*:*:*:*:*:*:*
  • cpe:2.3:a:mnogosearch:mnogosearch:3.2.21:*:*:*:*:*:*:*
    cpe:2.3:a:mnogosearch:mnogosearch:3.2.21:*:*:*:*:*:*:*
  • cpe:2.3:a:mnogosearch:mnogosearch:3.2.22:*:*:*:*:*:*:*
    cpe:2.3:a:mnogosearch:mnogosearch:3.2.22:*:*:*:*:*:*:*
  • cpe:2.3:a:mnogosearch:mnogosearch:3.2.23:*:*:*:*:*:*:*
    cpe:2.3:a:mnogosearch:mnogosearch:3.2.23:*:*:*:*:*:*:*
  • cpe:2.3:a:mnogosearch:mnogosearch:3.2.24:*:*:*:*:*:*:*
    cpe:2.3:a:mnogosearch:mnogosearch:3.2.24:*:*:*:*:*:*:*
  • cpe:2.3:a:mnogosearch:mnogosearch:3.2.25:*:*:*:*:*:*:*
    cpe:2.3:a:mnogosearch:mnogosearch:3.2.25:*:*:*:*:*:*:*
  • cpe:2.3:a:mnogosearch:mnogosearch:3.2.26:*:*:*:*:*:*:*
    cpe:2.3:a:mnogosearch:mnogosearch:3.2.26:*:*:*:*:*:*:*
CVSS
Base: 4.3 (as of 11-07-2017 - 01:30)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
NONE PARTIAL NONE
cvss-vector via4 AV:N/AC:M/Au:N/C:N/I:P/A:N
refmap via4
bid 11895
confirm http://www.mnogosearch.org/history.html
fulldisc 20041223 Cross-Site Scripting - an industry-wide problem
misc http://www.mikx.de/index.php?p=6
xf mnogosearch-search-xss(18434)
Last major update 11-07-2017 - 01:30
Published 10-12-2004 - 05:00
Last modified 11-07-2017 - 01:30
Back to Top